The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: Smart Speaker

Amazon Alexa Bugs Could've Let Hackers Install Malicious Skills Remotely

Amazon Alexa Bugs Could've Let Hackers Install Malicious Skills Remotely
August 13, 2020Ravie Lakshmanan
Attention! If you use Amazon's voice assistant Alexa in you smart speakers, just opening an innocent-looking web-link could let attackers install hacking skills on it and spy on your activities remotely. Check Point cybersecurity researchers—Dikla Barda, Roman Zaikin and Yaara Shriki—today disclosed severe security vulnerabilities in Amazon's Alexa virtual assistant that could render it vulnerable to a number of malicious attacks. According to a new report released by Check Point Research and shared with The Hacker News, the "exploits could have allowed an attacker to remove/install skills on the targeted victim's Alexa account, access their voice history and acquire personal information through skill interaction when the user invokes the installed skill." "Smart speakers and virtual assistants are so commonplace that it's easy to overlook just how much personal data they hold, and their role in controlling other smart devices in our homes,"

New Attack Lets Android Apps Capture Loudspeaker Data Without Any Permission

New Attack Lets Android Apps Capture Loudspeaker Data Without Any Permission
July 17, 2019Swati Khandelwal
Earlier this month, The Hacker News covered a story on research revealing how over 1300 Android apps are collecting sensitive data even when users have explicitly denied the required permissions. The research was primarily focused on how app developers abuse multiple ways around to collect location data, phone identifiers, and MAC addresses of their users by exploiting both covert and side channels. Now, a separate team of cybersecurity researchers has successfully demonstrated a new side-channel attack that could allow malicious apps to eavesdrop on the voice coming out of your smartphone's loudspeakers without requiring any device permission. Abusing Android Accelerometer to Capture Loudspeaker Data Dubbed Spearphone , the newly demonstrated attack takes advantage of a hardware-based motion sensor, called an accelerometer, which comes built into most Android devices and can be unrestrictedly accessed by any app installed on a device even with zero permissions. An

Alexa, Are You Spying On Me? Not Really, Maybe, It's Complex!

Alexa, Are You Spying On Me? Not Really, Maybe, It's Complex!
August 02, 2017Mohit Kumar
Do you own an Amazon Echo? So are you also worried about hackers turning out your device into a covert listening device? Just relax, if there's no NSA, no CIA or none of your above-skilled friends after you. Since yesterday there have been several reports on Amazon Echo hack that could allow a hacker to turn your smart speaker into a covert listening device, but users don't need to worry because the hack is not simple, requires physical access to the device and does not work on all devices, as well. Amazon Echo is an always-listening voice-activated smart home speaker that is designed to play music, set alarms, answer questions via the Alexa voice assistant, and control connected smart home devices like WeMo, Hive and Nest. Hack Turns Amazon Echo Into Spying Device (But It's Complex) Now researchers from MWR InfoSecurity have demonstrated a hack, showing how hackers can exploit a vulnerability in some models of Amazon Echo to turn them into covert listening d
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.